*** Joins: paulf (7346ad2a@gateway/web/freenode/ip.115.70.173.42) | 00:22 | |
paulf | hi | 00:23 |
*** Quits: paulf (7346ad2a@gateway/web/freenode/ip.115.70.173.42) (Client Quit) | 00:23 | |
*** Quits: kirillka (~Miranda@75-193-55-95.baltnet.ru) (Quit: kirillka) | 00:40 | |
*** Joins: kirillka (~Miranda@195.242.142.17) | 01:02 | |
*** Quits: brucelee (~adsfasdf@c-67-160-201-8.hsd1.ca.comcast.net) (Read error: Connection reset by peer) | 02:20 | |
*** Joins: brucelee (~adsfasdf@c-67-160-201-8.hsd1.ca.comcast.net) | 02:21 | |
*** Joins: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) | 02:31 | |
*** Quits: siebrand (~siebrand@5353A6DC.cm-6-4c.dynamic.ziggo.nl) (Quit: siebrand) | 02:38 | |
*** Joins: dregad (~dregad@wwwgate1.merck.de) | 03:11 | |
*** Joins: siebrand (~siebrand@188.200.34.66) | 03:16 | |
*** Joins: Arvidius (~Arvidius@188.201.221.57) | 03:26 | |
Arvidius | hey | 03:27 |
Arvidius | I have a question regarding mantis | 03:27 |
Arvidius | I installed it on my webserver and I really like it but I'm missing 1 feature | 03:27 |
Arvidius | is it possible to set a deadline for every bug that is added? | 03:28 |
Arvidius | and to remember the owner of the bug if the deadline is getting close? | 03:28 |
dregad | Arvidius: setting deadline --> yes | 03:33 |
dregad | reminder - not sure, I don't use this feature | 03:33 |
*** Quits: Arvidius (~Arvidius@188.201.221.57) (Ping timeout: 264 seconds) | 03:33 | |
*** Joins: Arvidius (~Arvidius@188.201.221.57) | 03:36 | |
dregad | check $g_due_date_update_threshold and $g_due_date_view_threshold | 03:36 |
Arvidius | I am sorry, I do not really understand? | 03:37 |
dregad | these are options you can set in config_inc.php | 03:38 |
dregad | by default the threshold is NOBODY meaning the feature is disabled | 03:38 |
Arvidius | ok, and with those options set I can use the feature I am looking for? | 03:39 |
dregad | it enables a due-date field which I think is what you need | 03:39 |
dregad | does not handle the notification though - don't think that Mantis can do that, you might have to set up a custom cron job | 03:40 |
Arvidius | thanks, I will try that :-) | 03:40 |
*** Quits: Arvidius (~Arvidius@188.201.221.57) () | 03:43 | |
*** Quits: Cesare (~Adium@creati59.lnk.telstra.net) (Quit: Leaving.) | 03:55 | |
*** Joins: fredcooke (~fred@131.2.221.87.dynamic.jazztel.es) | 04:22 | |
*** Joins: asm89 (~asm89@unaffiliated/asm89) | 04:27 | |
*** Joins: paul__ (52c6fa03@gateway/web/freenode/ip.82.198.250.3) | 04:28 | |
paul__ | moo | 04:28 |
dhx1 | paul__: hey | 04:30 |
paul__ | lo | 04:30 |
paul__ | I ran appscan over my codebase last week, and over 1.2.7 yesterday - i.e. http://www-01.ibm.com/software/awdtools/appscan/ | 04:31 |
dhx1 | paul__: any results? | 04:35 |
paul__ | a bunch of invalid stuff, and some stuff that needs fixing basically | 04:38 |
paul__ | i'm at work atm, that's at home | 04:38 |
dhx1 | XSS? | 04:40 |
paul__ | ya | 04:40 |
dhx1 | hmmm | 04:40 |
dhx1 | can you email me a copy when you get home? | 04:40 |
dhx1 | I can't wait to kill off 1.2.x... | 04:40 |
dhx1 | and for more browsers to support X-Content-Security-Policy... and then eventually, a version of MantisBT that has proper layout/content separation | 04:41 |
dregad | hi | 04:48 |
dregad | you guys seen this ? https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html | 04:48 |
paul__ | yea | 04:50 |
paul__ | not seen what though | 04:50 |
paul__ | wouldn't be surprised if i've already found the bugs with the scans i've done though | 04:50 |
dhx1 | why are security firms so useless at talking to open source projects? | 04:50 |
dregad | according to their policy, they would have sent a detailed e-mail | 04:50 |
dregad | but question is, to whom... | 04:51 |
dhx1 | maybe Victor | 04:51 |
dhx1 | it's happened before | 04:51 |
*** Quits: asm89 (~asm89@unaffiliated/asm89) (Quit: reboot) | 04:51 | |
dregad | Funny, that company's based in Geneva, less than 1 km away from my office | 04:52 |
dhx1 | LFI is bad... if it's true | 04:52 |
dhx1 | sounds similar to http://www.mantisbt.org/bugs/view.php?id=12607 | 04:52 |
dregad | LFI ? which one do you mean http://en.wikipedia.org/wiki/LFI | 04:53 |
*** Joins: asm89 (~asm89@unaffiliated/asm89) | 04:53 | |
dhx1 | dregad: http://en.wikipedia.org/wiki/Local_File_Inclusion | 04:54 |
dhx1 | oh nm, htbridge posted a bug | 04:55 |
dregad | just saw it | 04:56 |
dhx1 | oooh yeah that's bad | 04:57 |
dhx1 | or maybe not (on nginx) because you can't traverse upwards from a file | 04:58 |
asm89 | what is that appscan? sounds like a nice tool | 04:58 |
dhx1 | hmmm why is document.cookie working on mantisbt.org? HttpOnly is meant to be turned on :grrr: | 05:00 |
dhx1 | oh, it's only supported for PHP > 5.2.0 | 05:01 |
paul__ | 1/2+others i've already found + fixed | 05:08 |
asm89 | paul__: is that ibm tool a tool you use @work? | 05:11 |
dhx1 | paul__: I'll beat you to it :) | 05:13 |
dregad | dhx1: especially if paul__ forgets to push ::grin:: | 05:16 |
dhx1 | haha | 05:16 |
*** Quits: CIA-33 (~CIA@cia.atheme.org) (*.net *.split) | 05:40 | |
*** Joins: CIA-33 (~CIA@cia.atheme.org) | 05:42 | |
paul__ | asm89: not exactly ;p | 05:59 |
paul__ | but a tool I can get access to | 06:00 |
asm89 | ah nice :) | 06:01 |
paul__ | I plan to push the fixes i've found from said tool and send an email to list within next 12 hours | 06:03 |
paul__ | once those are pushed will take a look to see if those fixes have already covered the issues htbridge report | 06:04 |
dregad | paul__ coordinate your work with dhx as I'm sure he is already on the htbridge report... | 06:15 |
paul__ | well, as I say, I think some of the htbridge issues i've already identified | 06:16 |
paul__ | I was planning on posting an advisory type of mail about the issues that appscan threw up once i'd checked them all out | 06:16 |
dhx1 | I'll have those htbridge vulnerabilities patched up shortly | 06:21 |
paul__ | dhx1: please don't | 06:21 |
dhx1 | and then I'll wait for yours (if they're different) | 06:21 |
paul__ | as I've already fixed them | 06:21 |
dhx1 | I'm doing them right :) | 06:21 |
paul__ | I think | 06:21 |
GitHub25 | [mantisbt] davidhicks pushed 1 new commit to master: http://git.io/4ShkWg | 07:29 |
GitHub25 | [mantisbt/master] Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS - David Hicks | 07:29 |
GitHub141 | [mantisbt] davidhicks pushed 1 new commit to master-1.2.x: http://git.io/guFs7Q | 07:29 |
GitHub141 | [mantisbt/master-1.2.x] Fix #13282, #13283: bug_actiongroup_ext_page.php LFI and XSS - David Hicks | 07:29 |
*** Joins: tsnfoo (~fulekia@ws-imac27.test.denison.edu) | 08:52 | |
*** Joins: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) | 09:00 | |
*** Quits: kirillka (~Miranda@195.242.142.17) (Quit: kirillka) | 09:59 | |
*** Quits: paul__ (52c6fa03@gateway/web/freenode/ip.82.198.250.3) (Quit: Page closed) | 11:15 | |
*** Quits: asm89 (~asm89@unaffiliated/asm89) (Quit: bye) | 11:19 | |
*** Quits: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) (Quit: visit http://wormscesky.cz) | 12:39 | |
*** Quits: siebrand (~siebrand@188.200.34.66) (Quit: siebrand) | 13:35 | |
*** Joins: Phileas1 (~Phileas1@56.110.63.81.cust.bluewin.ch) | 14:23 | |
*** Joins: JonMarkGo (~Jon@ool-18bfe16f.dyn.optonline.net) | 14:50 | |
*** Quits: Phileas1 (~Phileas1@56.110.63.81.cust.bluewin.ch) (Quit: ChatZilla 0.9.87 [Firefox 3.6.20/20110803131630]) | 15:46 | |
*** Joins: siebrand (~siebrand@5353A6DC.cm-6-4c.dynamic.ziggo.nl) | 16:47 | |
*** Joins: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) | 17:18 | |
*** Parts: fredcooke (~fred@131.2.221.87.dynamic.jazztel.es) ("ISON zyp shaggymane dcramer `CHR1S1 TekniQue `CHR1S seank_ gurov rxKaffee kb1gtt1 obi-lan Lev8n TekniQue_ tomi_ge seank-efi Milosch hena pinztrek obi-lan_ jr- pieloverr djandruczyk gufi BassGuy sry_not4sale Evie johntramp Quan-Time Evie|shell Evie^2 piimae diy") | 17:19 | |
*** Quits: daryn (~daryn@h158.249.190.173.static.ip.windstream.net) (Quit: Ex-Chat) | 17:28 | |
*** Quits: soustruh (~Miranda@ip-86-49-121-75.net.upcbroadband.cz) (Quit: visit http://wormscesky.cz) | 18:40 | |
*** Joins: Cesare (~Adium@creati59.lnk.telstra.net) | 19:21 | |
*** Quits: micahg (~micahg@ubuntu/member/micahg) (Read error: Connection reset by peer) | 19:56 | |
*** Joins: micahg (~micahg@ubuntu/member/micahg) | 19:57 | |
*** Quits: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) (Remote host closed the connection) | 20:00 | |
*** Joins: scribe9343423 (~scribe934@static.96.23.63.178.clients.your-server.de) | 20:00 | |
*** Quits: micahg (~micahg@ubuntu/member/micahg) (Read error: Operation timed out) | 20:55 | |
*** Joins: micahg (~micahg@ubuntu/member/micahg) | 20:57 |